Posts tagged with "security"

Ten Ways to Make Your Smart Home More Secure

A smart home can be such a massive help for a busy family. They automate several processes in daily life so you don’t have to take the extra time to do them yourself. A smart home assistant can keep notes for your next grocery order, and a smart outlet can help you save energy and turn your lights on and off with a single command in your phone. IoT devices can revolutionize the way you live.

As useful as smart home devices are, they can also have vulnerabilities that leave your private life open for cyberattacks. Luckily, you can take a few steps to ensure your home network stays as protected as possible.

1. Go Through a Checklist

Before you buy a smart home device, create a checklist to see if you really need it. The fewer connected devices you have in your home, the lower your chance of someone trying to hack into them.

Make sure your checklist includes all of the device’s features. Will it simplify your life to a massive extent or would you just be getting this device to avoid doing something small? If the device meets all your expectations, you should get it. However, if it has more functions that you would turn off rather than use, then don’t get the device.

2.  Protect Your Router

One of the easiest ways to keep your devices safe is to ensure you protect your router to the best of your ability. Use the highest level of encryption – typically WPA2 or WPA3. Change the router’s default name and password, which might be too easy for people to figure out. You may want to create a unique password that doesn’t have any identifying information, such as the name of someone in your household, so it’ll be more challenging for people to guess.

You’ll know your router functions on a higher security level once you take it out of its default settings.

3. Rely on a Firewall

A firewall can protect your devices from any cyberattacks or harmful software. It acts as an actual wall that keeps any hazards away from your personal network and the devices connected to it.

Firewalls can analyze just about everything from the get-go, so they’re a worthwhile safety measure you must look into if you have a smart home. While it may not always be necessary, installing a firewall can bring you peace of mind and help you know that you’re using your devices safely.

4. Have an Expert Help

When you’re a newbie at security, there’s no shame in asking a professional to help you. You can take security training classes online, which will help you know why having secure smart home devices is so important.

Once you know more about security, you’ll likely see the gaps in your own setup. If you don’t, ask a professional to evaluate and audit your network. The professional will be able to identify any security gaps you can take steps to close.

5. Use Strong Passwords

Strong passwords only work well if they’re unique, so don’t use the same strong password for multiple devices. How often you choose to change your password is up to you. However, many organizations require individuals to change their passwords every few months to maximize their security measures.

Strong passwords, with a combination of letters, numbers, and symbols, are harder for cybercriminals to guess and will leave your devices better protected.

6. Turn on Two-Factor Authentication

Multi-factor authentication (MFA) and two-factor authentication (2FA) are the same. They require more action on your part before you’re able to access permissions for a device. Two-factor and multi-factor authentication work so well because they prompt a user to interact with another device or account to get permission to access the first one.

If someone is trying to hack into your account, you’ll have a better chance of stopping them in their tracks if you have this feature enabled.

7. Opt for a Separate Guest Network

You should utilize a guest network and a personal network even if you don’t expect to have guests all the time. The IoT devices can use the guest network rather than the main network. When you split up the devices on different Wi-Fi networks, it will be harder for cybercriminals to target just one network.

8. Check Monthly Usage

You should routinely check how your devices are being used and at what times. When you check once a month, you’ll be able to notice any unusual activity and determine whether one of your devices has been hacked.

You should also know which devices are connected to your Wi-Fi router. Any connections or activity you don’t recognize should result in a password change or information update. Be sure to look out for any data breaches in the companies that you purchased your smart home technology from, too.

9. Update Your Devices

You should always ensure your devices are running the latest iteration of their firmware and software. Software updates address any security issues that might leave holes in your security. They aren’t just for looks – these updates can seriously change how a device handles a potential hack or threat.

Keep your devices updated and turn on automatic updates if possible. You’ll have a better time fighting away any digital threats that might hurt your household.

10. Have a Backup Plan

When all else fails, you need to have a backup plan in case someone hacks into your devices. You need to have a specific set of steps written down somewhere.

First, you should figure out how to get the other person off your device or Wi-Fi network. You might be able to boot them out by updating your passwords or by forcibly doing something within your device’s settings. Then, make sure to change all your information on that smart device. For added security, you can also update your passwords on your other devices.

You’ll need to know just how much they accessed. Did you have any sensitive information readily available through that device? Could they have been listening or watching through any microphones or cameras? Knowing just how much information they could have absorbed can help you understand what to do next.

If you’re worried about the device getting hacked again, you can get rid of it and opt for a different device or handle the associated tasks manually from now on. It never hurts to be prepared for the worst.

Cryptocurrency illustration by Heather Skovlund for use by 360 Magazine

SIKI – Where Entertainment Meets Crypto

As a multi-media, multi-blockchain NFT Creation Engine and marketplace wrapped in a social ecosystem that streams NFT music, live streams and post, SIKI app is one of the fastest-growing companies in the blockchain/crypto space.

SIKI is in a private “invite only” stage currently which users can apply for. Despite so, the app is already packed with cutting-edge features such as fast royalty payments, advanced statistics, security, gamification, multi-chain NFT engine, and cryptocurrencies. At this time, SIKI is mostly onboarding artists and crypto-enthusiasts.

Taking pride in making sure the platform will be ready and simple to use even for those who are new to NFT’s and crypto, SIKI is not in any rush to launch.As the app is relatively new and upcoming, we were lucky enough to speak with CEO Chris Moraites on what plans he has for SIKI.

Where did you get the idea to create the app?

Being a musician myself, I have always been trying to figure out a way to advance the music industry for new artists. I had worked on a few tech concepts in college and over the years but nothing felt like it could make a big enough impact. After meeting Jason Dowd and learning the possibilities of NFT’s, it helped me realize this is what I needed to connect everything. Since then, the project has grown so much further thanks to people like my brother Myles Moraites and longtime friend Nick Gangi.

What is the targeted market for this app?

Music, crypto, and gaming enthusiasts. As it grows, we are hoping that it is built to be simple enough so anyone can use whether they have knowledge of crypto or not.

How would you explain this app to people who are not familiar with NFT?

If they were familiar with gaming, I would say it’s like a music or media idle game. If they upload music, created playlists, or have collaborated, their accounts will grow even when they are not using the platform. The more they use the platform the higher their ranking in the platform allowing them to receive more rewards as well.

What will your app do that regular streaming sites are not doing?

Being able to support your favorite artists on a financial level isn’t something that has been available in all the major music streaming platforms. Also, by using the platform it isn’t just the songs that receive stats but fans will also be able to shine. In many situations most artists have no clue how much a fan supports them, we want to make this more transparent.

What are the goals for the launch of this app?

To bring in a strong and active community that looks to help support artists as well as each other. We would like all fans to be seen as curators, not just people who stream music but people who want to help push the reach of artists.

How do you see this app expanding in the future?

In our next phase we expand heavily into a social media approach allowing for NFT’s in images and videos. Unlike Instagram and other platforms, we allow users to monetize and NFT each piece of content. We then will be expanding into live streaming as well as gaming.

Can you explain the term ‘gamification’ to your audience who would like to be a part of it?

Gamification refers to a level/ranking system that is implemented for users and artists. This way, artists can increase in level the more active they are. For example, if they tip $1, they will rank up to a level 1 tipper. There are many different level categories as well as various rewards and benefits that come with being within the top ranked.

Will uploading my song to SIKI immediately turn it into an NFT?

No, you may upload music to SIKI and not NFT the song. However, if you want to receive royalties then it must be an NFT.

What are some of the latest developments that may excite users? 

We are excited to have DJ Clue on board with SIKI as he is one of the legendary shapeshifters of today’s music as he is a multi-platinum artist, DJ and producer who has been instrumental in the development of artists like Jay Z, Mariah Carey, Fabolous and many others, as well as DJing for NYC’s hottest music station Power 105.1. We also recently have begun some major partnerships with some of the top crypto companies out there. We launched our SIKI.io content house on November 1 in LA which has 2 recording studios in it. We will also be throwing networking events for artists and industry professionals in the future. Other events include an upcoming art basel where we will be announcing much more exciting news. I am so grateful for the SIKI team and can’t wait to share some of the developments everyone has been working on to build this platform.

Thanks to the popularity of its collaboration with DJ Clue and other celebrities, SIKI has been growing exponentially. “This is groundbreaking…This technology bridges music in a way never seen before. Putting every artist in a win/win situation,” says Platinum Recording Artist DJ Clue. in a report on the company’s plans to expand the NFT’s.

There’s a music angle here too: DJ Clue is not only one of its first clients, but he is also taking a stake in the company. There are more details on his plans where you can see at Siki.io: Clue’s NFTs will be launched on his upcoming show which complements the launch of the SIKI app this month. That hints at the NFTs being bundled with ticket sales, or perhaps offering seats at the concerts as rewards, Taylor Swift-style. Fans can be ahead of the NFT’s going on sale in the final quarter of this year.

About DJ Clue

DJ Clue is an American DJ, Platinum Recording Artist, Platinum Producer, and CEO of Desert Storm Records. He airs on NYC’s Power 105 6-10PM Monday – Friday. Born in Queens, New York, DJ Clue, also known as Ernesto D. Shaw, he was originally interested in pursuing a rap career, but quickly fell in love with generating his own beats and making crowds dance.

His first mixtape, released in 1990, became an almost instant hit, circulated widely because it contained a large amount of music that could not be heard anywhere else. He also recorded his mixing live freestyle, giving all his tapes a raw, immediate feel that became part of his signature sound. He distributed tapes independently throughout the 90s, and his first mixtape CD, “The Professional: Part 1”, sold over a million copies. Since then, he has had the opportunity to collaborate with several artists, including JadakissDMXSnoop DoggNasMary J. Blige, and Lil’ Mo.

Chris Moraites image for use by 360 magazine

Jankel and WAE Bring EV into

Jankel and Williams Advanced Engineering  collaborate to bring EV technologies and capabilities to the US Defence market

Jankel and Williams Advanced Engineering (WAE) are collaborating to bring EV technologies and capabilities to the US defence market

The partnership will combine complementary technologies and capabilities to help progress military hybrid and electrification projects

The partnership will see Jankel and WAE working on joint projects to electrify legacy and new military fleets across the US DoDJankel, a world-leader in the design and manufacture of high-specification defence, security and NGO protection systems, are collaborating with Williams Advanced Engineering (WAE); born out of the UK Formula 1 Williams Racing Team, to provide services and technologies to prime contractors in the US defence market. The partnership will see Jankel and Williams Advanced Engineering working on joint projects to electrify legacy and new military vehicle fleets across the US DoD.

Jankel’s US South Carolina based company Jankel Tactical Systems takes the lead in the USA with extensive experience designing, manufacturing and delivering vehicle-related technology and integration solutions in the US defence market. Williams Advanced Engineering is renowned for providing world-class technical innovation, engineering and specialist electric vehicle solutions across multiple applications. Proven out in the  Formula E and Extreme E arena, WAE is a pioneer in battery systems, battery management and EV drivetrain solutions across a wide range of sectors including motorsport, transport, mining and defence.

The partnership will combine complementary technologies and capabilities to help progress military hybrid and electrification projects no matter what the size, from a light tactical vehicle to the main battle tank. The experience, innovation and engineering expertise of both companies will be combined to leverage the integration, problem-solving, and tailored approach required to solve the military problem set, essential to help meet the military engineering challenges of the 21st century – mobility, sustainability and efficiency.

Craig Wilson, CEO, Williams Advanced Engineering said: “This partnership is well placed to support the integration and delivery of EV solutions and we look forward to working with the team at Jankel, combining our individual areas of expertise to deliver innovative and advanced solutions for the US defence market”

Andrew Jankel Chairman of the Jankel Group said: “Jankel is historically known around the world for providing outstanding vehicle survivability conversions and complex systems integrations.  However, in line with our new company strategy, we are also expanding our expertise to incorporate advanced technologies including remote autonomous systems, cyber security and platform electrification”. He added: “We are delighted to announce this collaboration with Williams Advanced Engineering to capitalize on some world-leading technologies and bring the very best to the US military by delivering potential EV solutions across its whole range of vehicles both old and new – driving mission success.”

Airplane illustration by Heather Skovlund for 360 Magazine

THE FUTURE OF TRAVEL PLANNING

By: Andrew Shibuya

As the world has remained in their homes this past year and a half, traveling abroad seems to be the light at the end of a very long tunnel for many. While globetrotters stayed home bound and planned their trips for the second restrictions lifted, the travel industry underwent a rapid and drastic transformation. As such, many experts claim that travel – and particularly global travel  – will be forever changed.

In the midst of the pandemic and the ubiquitous desire to be anywhere but home, travel destinations have begun to accommodate traveler’s concerns in the face of the virus. In some cases, it was changing the distance between tables in a restaurant or limiting the capacity of occupants in a hotel. In other cases, however, the only changes were claims of improvements or safer accommodations. While many hotels and restaurants truly began taking necessary precautions, some did not adapt – despite claiming to.

And such, in the age of the internet and modernity’s obsession with bureaucracy, innumerable COVID safety certificates – some valid, and some pure and simple money grabs – were born. Resultantly, the great saturation of these valuable assurances ultimately renders them to be valueless. For even the avid travelers and eagle-eyed among us, such certifications will likely prove to be a nuisance at best, and a health concern at worst.

In the travel industry, the remaining agencies have sought various solutions to this issue of verifying credibility. What happens when someone who is particularly at risk for COVID is infected by the virus at a supposedly safe hotel? Why even take these risks at all?

This past week, 360 Magazine attended an event with several travel experts who discussed this very issue and presented potential solutions. Though the situation is troubling and promises to only get worse, experts are beginning to craft plans and act against this rubber-stamping.

Terrence Suero of Buffalo-based travel agency Toca Travel has a promising and apt response to this new strain of scammers. While he is confident that the world will never return to its pre-pandemic state, Suero understands that travel is an essential part of many people’s lives. Even now, just months after the commencement of vaccine distribution, Americans have started to travel. While most are now staying within United States’ borders, some are wandering to more distant corners of the globe.

But, every new strain and ensuing restriction springs new doubts and trouble for the average traveler. And for travel agents, their work has only gotten more difficult–not only in the face of these conditions, but also regarding the endless onslaught of dubious safety certifications. To this end, Suero has started Safe Travel Pathways – a new endeavor that he hopes will eradicate, or at the very least assuage, travelers’ health concerns related to COVID.

Safe Travel Pathways at its core is an open-source directory of vetted hospitality companies. The company hopes to begin its directory abroad in Costa Rica, and if successful, to gradually expand globally. Behind Safe Travel Pathways is Suero’s ethos as a travel agent: to treat travelers as adults. His aim is simply to provide helpful and accurate information, with the goal being that travelers can make their own informed decisions.

The main criteria for Safe Travel Pathways’ approval includes adherence to internationally accepted health standards, a third-party audit system that can determine the provided level of safety and strict governance. Safe Travel Pathways uses a grading system from one to five that considers various accreditations, verified safety precautions, and guidelines to evaluate companies. The idea behind this system evinces once more Suero’s desire to allow travelers to choose their own itinerary in light of the safety information provided. While certain places may receive lower scores than others, Suero acknowledges that some people are more comfortable than others regarding COVID safety precautions.

However, Suero has more than just coronavirus in mind. His future offerings likely will include restaurants and other accommodations that have been vetted for specific allergens and other necessary health considerations. Suero was careful to note that most travel agents are not health specialists. With these future additions, he hopes to assuage as many health concerns as possible, for both travel agents and travelers. Such other future additions may highlight businesses that are accessible, sustainable, or accommodating for similar travel concerns.

Safe Travel Pathway’s test run is starting soon in Costa Rica to gain a greater understanding of its capability and viability as an international travel database. Suero hopes to soon expand into Europe and South America with the help of travel bureaus, which validate businesses on a local level. The database is free and accessible to all, with certain features limited to travel agents or agencies.

As the world reopens, much is still left unclear. With each new strain and constantly shifting guidelines, creating travel plans can be unnecessarily convoluted and stressful. Though the world may never return to “normal,” tools like Safe Travel Pathways can hopefully move us in the right direction.

 

illustration bv Samantha Miduri for use by 360 Magazine

Android Apps

When a developer leaves a mistake in application code, it can create a security vulnerability that criminals may exploit. 

According to the data presented by the Atlas VPN team, 63% of Android applications had known security vulnerabilities in Q1 2021, with an average of 39 vulnerabilities per app. 

Gaming apps had the most vulnerabilities out of all Android app categories. A whopping

96% of top free games apps were found to contain vulnerable components. Additionally, 94% of top-grossing games apps and 80% of top paid games apps also had vulnerabilities. 

Despite the fact that financial apps require some of the most personally sensitive data, vulnerabilities were also discovered in 88% of banking apps, 84% of budgeting apps, and 80% of payment apps. 

Education apps have the most high-level vulnerabilities 

Not all vulnerabilities are equal. While some may just be minor issues that do not pose any active threat to the user, other vulnerabilities can cause serious repercussions. Let’s delve deeper into the different types of Android security vulnerabilities registered since 2018. 

Education apps had the highest number of exploitable Android vulnerabilities with possible fixes as of the first quarter of 2021 43%. Meanwhile, apps in the top games category had the biggest number of exploitable Android vulnerabilities with no available fixes 6%. 

Overall, 44% of the Android app vulnerabilities were classified as high-risk, meaning they represented a tangible threat. 

Ruth Cizynski, the cybersecurity researcher and writer at Atlas VPN, shares her thoughts on the situation: 

“Given that the Google Play store applications have been downloaded millions of times, it is safe to say they pose significant security risks to Android users. ”

To read the full article, click here.

By Mina Tocalini for 360 MAGAZINE

Data Privacy Core Principles

No one likes being watched, offline or on. And it is especially unnerving when a brand oversteps that boundary and pops up everywhere you go online.

Invisibly is on a mission to ensure companies have your direct consent for using your data and compensate you for the use of it. Invisibly believes in Seven Core Data Privacy Principles that can change the way companies acquire and use personal data. You can control who sees your data, where and when.

But what are these principles, and why should you care about them? These principles represent the spirit of data collection, are the basis of The Data Protection Act, the California Consumer Privacy Act, and shaped the European Union’s GDPR. The foundation of data privacy in the current digital world, Invisibly believes everyone should know the principles as we move towards a people-centered data economy.

  • Lawfulness, fairness, and transparency

People should always know what data is being collected, by whom, and why. Furthermore, your data should never be used against you- as in tracking your internet browsing secretly to sell you a product later.

  • Purpose limitation

Your data should only be used in the way it was intended. Your data shouldn’t be collected for research purposes, and then turned around for marketing.

  • Data minimization

Only relevant data should be collected. A company should not collect all possible data on you- your mother’s maiden name, first pet, and favourite teacher does not apply for a survey on what type of coffee you use.

  • Accuracy (holding)

Your data should be updated on a regular basis. Outdated data does no one any good- you or the company who wants it.

  • Storage limitation

Data should not be kept forever! Your data should only be kept for as long as necessary, and not reused.

  • Integrity and confidentiality (security)

Companies should always keep your data safe. This prevents bad actors from accessing it and keeps it safe from any cybersecurity breaches. You should never have to worry if your information is at risk.

  • Accountability

Companies must show that they are taking reasonable action to meet these principles.

More information on Fox 26 and CBS.

Green Car by Mina Tocalini for 360 Magazine

Concentric Q×A

In the current age of digital technology, car owners are being forced to consider their vehicle’s susceptibility to ransomware attacks. These malicious cyber-attacks can expose your personal data to online hackers. However, there are certain measures that car owners can take to help prevent security breaches. Proactive car owners are utilizing services like Concentric to safeguard their technology and online identity. 360 Magazine spoke with Laura Hoffner, Chief of Staff at Concentric, and Sam Connour, Concentric Intern, about how to best practice car system security.

What steps can proactive car owners take to protect their vehicles from security threats and hackers?

First, understand that all digital property can be hacked.

Second, as a result, be conscious of what personal technology you connect to or tether with. Understand that if you connect your phone to your car via Bluetooth, someone hacking into your car will then result in vulnerability to your phone (and everything else connected to your phone such as your home Wi-Fi, addresses, credit cards.)

Third, ensure your vehicle’s software is up today. Car makers, like Tesla and Jeep, are known to push out patches for these potential holes hackers can access. Keeping your vehicle up to date will aid in that effort.

Finally, protect that vulnerability by being aware of the modifications you’re making to your vehicle’s software. Don’t let unknown devices connect to your car, and be wary of who has physical access to your vehicle

What makes a car susceptible to ransomware attacks?

Cars are now equal [in terms of susceptibility] to computers as a result of their connectivity capabilities both to the internet and to Bluetooth. If a car is connected to an insecure and unprotected internet connection, hackers are capable of installing malware into a vehicle’s operating or infotainment systems.

What models of cars are the most likely to encounter hacking/privacy issues?

Cars with self-driving capabilities, or features such as lane assist or automatic braking, are particularly at risk. But practically any vehicle made in the past 20 years can be hacked. Generally, vehicles [from] 2007 or newer run a higher risk of personal information being compromised. Car makers, with a warning from the FBI, are taking steps to beef up cybersecurity within their vehicles.

Should customers be weary of certain car brands when buying technology systems for their vehicles? How can consumers find quality retailers with safe car products?

Rather than it being a concern about specific car brands, consumers should instead educate themselves on the risk associated with these vulnerabilities and take proper protocol to mitigate those risks.

Can Concentric offer any services for car owners looking to safeguard their vehicles?

Concentric offers holistic security solutions for our clients. Included in that is a residential risk assessment that can identify specific concerns and vulnerabilities. This is where personal risk associated with property would be assessed, [as well as] physical and behavioral recommendations.

How did your experience as a Naval Intelligence Officer and in the Naval Reserves translate into your current role at Concentric?

Understanding the threat landscape both nationally and internationally– as well as the acknowledgement that we make both micro and macro decisions about risk daily– ultimately prepared me to understand the corporate security landscape. Holistically viewing a problem set and identifying creative solutions are [at] the core of Naval Intelligence, thus it wasn’t a large leap to bring that mindset over with me from the government side.

As Concentrics’ Chief of Staff, what is your best advice regarding car related security?

Car-related security advice is the same as all other security advice we have: educate yourself, your family, and your team to know what risk decisions you are making that have vast implications across your security vulnerability spectrum. Additionally, security is not something to think about when you’re in a crisis. Avoid or better prepare yourself for the crisis beforehand by taking steps to vastly reduce, or eliminate, your vulnerabilities to exploitation.

Heather Skovlund computer illustration for use by 360 Magazine

Global Commitment to Cybersecurity

According to a recent study by the Atlas VPN team, the United States, United Kingdom, and Saudi Arabia lead in commitment to cybersecurity.

As technologies continue to evolve, governments around the world must face the reality of cyber threats and adapt their security practices. A study reports on countries’ scores on the Global Cybersecurity Index (GCI), varying cybersecurity training and practices, and additional statistics which help to create a fuller picture of the global relationship to cybersecurity.

A GCI score is given by evaluating each country’s commitment to legal, technical, organizational, capacity development, and cooperation indicators. The United States earned a perfect score of 100, getting all 20 points in each GCI indicator. However, while the US has the most cybersecurity resources, the latest cyberattacks on Americans have shown room for improvement.

The United Kingdom follows behind, scoring 99.54 points in GCI. The score indicates that the UK has to employ more computer incident response teams, enabling a country to respond to incidents at the national level using a centralized contact point and promote quick and systematic action.

Saudi Arabia shares second place, getting the same score of 99.54 as the UK. While being one of the fastest developing countries, Saudi Arabia has placed great importance on cybersecurity.

Estonia takes the fourth slot as they scored 99.48, losing just half a point in the capacity development indicator. Estonia has become one of the heavyweights in cybersecurity with a high-functioning central system for monitoring, reporting, and resolving incidents.

The Republic of Korea, Singapore, and Spain all share fifth place, scoring 98.52 points. 

Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on the current cybersecurity landscape, “Beyond co-operating within countries, Global Cybersecurity Index leaders could help less developed countries address cybersecurity challenges. For example, creating a strategy or sharing good cyber practices can help reach more balanced and robust security against cyber threats.”

Lack of cybersecurity training 

One of the reasons why cyber attacks continue to increase is a lack of cybersecurity education and training.

Just 46% of countries provided specific cybersecurity training for the public sector and government officials. Employees in these fields usually work with a lot of sensitive or confidential information, which is why education on cybersecurity is essential. 

Meanwhile, 41% of countries provided cybersecurity training to small and medium enterprises or private companies. Businesses often become targets for hackers as the latter can easily profit off of stolen data or ransomware attacks. While more prominent private companies can afford cybersecurity experts, smaller businesses do not have such luxury.

Law enforcement agents received educational cybersecurity programs in only 37% of countries, while only 31% of countries provide training to judicial and legal actors. This training may help officers and executors of the law understand how hackers think, identify the tools that hackers use to commit attacks, and ultimately prevent and protect from future cybercrime.

Beyond co-operating within countries, Global Cybersecurity Index leaders could help less developed countries address cybersecurity challenges. Creating a strategy or sharing good cyber practices can help reach more balanced and robust security against cyber threats.

Graph via BeyondTrust.com for Atlas VPN for use by 360 Magazine

In 2020 Number of Vulnerabilities in Microsoft Products Exceeded 1,000 for the First Time

Microsoft products are used by billions of people worldwide. Historically, however, they are known to have many vulnerabilities that pose security risks to users of the software.

According to data presented by the Atlas VPN team, the total number of vulnerabilities in Microsoft products reached 1,268 in 2020—an increase of 181% in five years. Windows was the most vulnerability-ridden Microsoft product. It had a total of 907 issues, of which 132 were critical. However, Windows Server had the largest number of critical issues. In 2020, 902 vulnerabilities were detected in Windows Server, of which 138 were critical.

Issues were also found in other Microsoft products, such as Microsoft Edge and Internet Explorer. Together, these browsers had 92 vulnerabilities in 2020. In total, 61 or even 66% of these vulnerabilities were of critical level. Meanwhile, Microsoft Office had 79 vulnerabilities, 5 of which were critical. 

Ruth Cizynski, the cybersecurity researcher and author at Atlas VPN, shares her thoughts on the situation :

 “These numbers are a massive problem because every Microsoft product has millions of users. Therefore, it is important that consumers update their software applications on time. Software updates can include security patches that can fix vulnerabilities and save users from getting hacked.”

Elevation of privilege is the most common Microsoft vulnerability

A wide range of vulnerabilities was discovered in various Microsoft products last year.  However, some types of vulnerabilities were more common than others. Elevation of privilege was the most frequently detected issue in Microsoft products. It was discovered 559 times and made up 44% of all Microsoft vulnerabilities in 2020.

Next up is remote code execution. In total, 345 such vulnerabilities were found last year, putting it in second place on the list. Remote code execution accounted for 27% of the total number of Microsoft vulnerabilities in 2020.

Information disclosure occupies the third spot on the list. There were 179 such issues discovered in 2020. Together, they made up 14% of all Microsoft vulnerabilities that year.

To learn more, click HERE.

Graph via Sophos for Atlas VPN for use by 360 Magazine

India, Austria, and US Most Hit with Ransomware

Ransomware attacks are one of the leading cyber threats that organizations have to face.

According to the data presented by the Atlas VPN team, organizations in India, Austria, and the United States are among the most hit with ransomware attacks. To compare, more than 50% of companies in the mentioned countries experienced such attacks in the past year, while the global average is 37%.

Out of 300 interviewees from India, 68% suffered from a ransomware attack. At the same time, 57 out of 100 respondents from Austria experienced a ransomware attack in the last year. Next up, in the United States, 51% of participants, out of 500 questioned, reported that they were hit with a ransomware attack.

Retail and Education Sectors Suffer the Most Ransomware Attacks

Some organizations in specific sectors are more susceptible to hacker attacks due to their lower security levels or valuable data. However, cybercriminals do not shy away from attacking even the biggest companies or government administrations.

Out of 435 respondents in the retail industry, 44% were hit with a ransomware attack last year. Hackers strike retailers when it could hurt them the most, for example, on Black Friday or Christmas seasons.

Retailers share first place with education organizations—out of 499 education interviewees 44% experienced such malicious attacks. Cybercriminals usually deploy ransomware attacks at the start of a school year to cause maximum disruption.

The business and professional services industry suffered the third most ransomware attacks, with a total of 42% out of 361 respondents stating they experienced a ransomware attack in the past year. Companies in this industry are usually smaller with less staff, meaning they might not have a dedicated person to ensure security. Out of 117 participants in the Central government and non-departmental public body (NDPB) sector, 40% reported being attacked with ransomware in the last year.

Conclusion

Cybersecurity writer and researcher at Atlas VPN Anton Petrov shares his advice on how to protect your organization against ransomware attacks.

“Prepare a plan in case you… get hacked. Always have a backup of your data so you don’t have to pay a ransom. Investing in cybersecurity will cost you less than having to deal with the aftermath of a ransomware attack.”

Like with everything else, there’s a way to protect your data in order to make sure hackers don’t get to it and cause serious financial damage.